Giter Site home page Giter Site logo

ericgerling / nexpose-runner Goto Github PK

View Code? Open in Web Editor NEW

This project forked from amngibson/nexpose-runner

0.0 1.0 0.0 85 KB

This is a gem that provides the ability to create a new site, add an IP to the site, and perform a scan against the site using a defined/passed scan template, and finally produce a reports for vulnerabilities, installed software, and policy compliance.

License: MIT License

Ruby 100.00%

nexpose-runner's Introduction

NexposeRunner::Scan

This is a ruby gem that basically wraps the nexpose-client gem. It was primarily created to automate scanning and reporting of dynamic hosts.

This gem will make a nexpose server connection, create a new site, initiate a scan against the assets in the site, and generate a vulnerability report, software report, and policy compliance report.

Basically this gem allows you to attach Nexpose to your Continuous Delivery/Continuous Integration pipeline. Though it can be used for other purposes.

At the end of the scan it will generate 3 csv reports and save them in the directory where the script was executed from. It will also raise an exception if a vulnerability is detected. This is used to break the Continuous Delivery/Continuous integration build. You may add an exception list URL to prevent breaking the build.

Installation

Add this line to your application's Gemfile:

gem 'NexposeRunner'

And then execute:

$ bundle

Or install it yourself as:

$ gem install NexposeRunner

Usage

This gem allows you to specify the Nexpose Server URL, Exceptions URL (optional), Nexpose Username, Nexpose Password, Nexpose Server Port (optional, defaults to 3780), Site Name, Target IP Address, Scan Template, and Engine Number (optional).

NOTE: If you use the "exceptions_list_url" parameter, please ensure you have proper authentication in place.

EXAMPLE:

$ scan --connection test.com --exceptions_list_url raw.github.com/exceptions.txt --username username1 --password password1 --port 443 --site-name myfirstsite --ip-addresses 192.168.1.10 --scan-template full-audit --engine_id 2

It is possible to use a YAML file to drive the configuration of this module. An example configuration file is provided in config/scan.yml.example. Simply copy it to config/scan.yml and modify it to work with your environment.

Contributing

  1. Fork it ( https://github.com/[my-github-username]/nexpose-scan/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

nexpose-runner's People

Contributors

amngibson avatar mree avatar nstarke avatar abdelsfane avatar

Watchers

Eric Gerling avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.